AMENDMENTS TO THE CLAIMS
This listing of claims will replace all prior versions and listings of claims in the application.
Listing of Claims: 

Claim 1 (Currently Amended): A method for secure communications between a client and
one of a plurality of servers performed on an intermediary device coupled to the client and said
plurality of servers, comprising:

(a) establishing an open communications session between the intermediary device 
and the client via an open network; 

(b) negotiating a secure communications session with the client; 

(c) establishing an open communications session with said one of said plurality of 
servers via a secure network; 

(d) receiving encrypted application data from the client via the secure
communications session;

(e) decrypting the encrypted application data;

(f) forwarding the decrypted application data to the server via the secure network;

(g) receiving application data from the server via the secure network; 

(h) encrypting the application data; and 

(i) sending encrypted application data to the client, 

wherein the steps (e) and (f) are performed at the packet level of a network stack of the
intermediate device without processing the application data with an application layer of a
network stack.

Claim 2 (Original): The method of claim 1 wherein said step (a) comprises the sub steps of:
receiving a request for a communications session from the client;
responding to the request for a communications session in place of the server; and
establishing a secure communications session between the client and the intermediary
device.

Claim 3 (Original): The method of claim 2 wherein said step of (a) comprises receiving a TCP
SYN packet from a client and responding to the SYN packet with appropriate responses as a 
proxy for the server. 

Claim 4 (Original): The method of claim 1 wherein said step of negotiating a secure
communications session comprises negotiating an SSL session with the client in place of the
server.

Claim 5 (Currently Amended): The method of claim 1 further including: 
receiving the application data as multi-segment records; 

forwarding at least a portion of the decrypted application for each of the records prior to
receiving complete records;

discarding at least a the portion of each of the records after forwarding the portion to be
discarded; and

authenticating the decrypted application data of each data record using the remaining
non-discarded portion of the data record upon receiving a final segment of the multi-segment
record.

Claim 6 (Original): The method of claim 1 wherein the step of forwarding decrypted
application data to said one of said plurality of servers comprises forwarding authenticated
application data.

Claim 7 (Previously Presented): The method of claim 6 wherein said step of forwarding
unauthenticated application data includes the further, subsequent step of authenticating the data.

Claim 8 (Previously Presented): The method of claim 1 wherein, prior to said step of
establishing a communications session with one of said plurality of servers, the method includes 
the step of: 

selecting one of said plurality of servers to forward said decrypted authentication data to 
based on a load balancing algorithm that calculates current processing loads associated with each
of the servers. 

Claim 9 (Original): The method of claim 8 further including the step of:

tracking data passing between the client and said one of said plurality of servers. 

Claim 10 (Original): The method of claim 9 wherein said step of tracking comprises:

establishing a session tracking database recording, for each session, a session ID, a TCP
sequence number and an SSL session number.

Claim 11 (Original): The method of claim 10 further including tracking, for each session, an
initialisation vector.

Claim 12 (Previously Presented): An apparatus coupled to a public network and a secure
network, communicating with at least one client via the public network and communicating with 
one of a plurality of servers via the secure network, comprising: 

a network interface communicating with the public network and the secure network;

at least one processor; 

programmable dynamic memory addressable by the processor;

a communications channel coupling the processor, memory and network communications
interface; 

a proxy TCP communications engine; 

a proxy SSL communications engine;

a server TCP communications engine; and 

a packet data encryption and decryption engine, 

wherein the proxy SSL communications engine and the server TCP communications
engine decrypt encrypted application data from the client and forward the decrypted application
data to the one of the plurality of servers without processing the application data with an
application layer of a network stack of the apparatus.

Claim 13 (Previously Presented): The apparatus of claim 12 further comprising a negotiation
manager that enables the apparatus as a TCP and SSL proxy for the server. 

Claim 14 (Original): The apparatus of claim 12 further including a load balancing engine to 
direct application data between the at least one client and said one of said plurality of servers by 
copying the data from an SSL communications session established by the SSL communications
engine to a server TCP session established by the server TCP communications engine.

Claim 15 (Original): The apparatus of claim 12 wherein the encryption and decryption engine
decrypts encrypted packet data to produce application data. 

Claim 16 (Original): The apparatus of claim 12 further including a session tracking database
having at least one record per communication session between the client and server.

Claim 17 (Original): The apparatus of claim 16 wherein said at least one record includes a TCP
sequence number and an SSL sequence number. 

Claim 18 (Original): The apparatus of claim 16 further including a recovery manager using said
database to recover from communication errors. 

Claim 19 (Original): The apparatus of claim 12 wherein the packet data encryption and 
decryption engine decrypts packets from SSL data which spans over multiple TCP segments and 
forwards packet data to a server which is not authenticated. 

Claim 20 (Previously Presented): The apparatus of claim 12 wherein said data is not buffered 
during decryption. 

Claim 21 (Previously Presented): The apparatus of claim 12 wherein said data is buffered for
a length sufficient to complete a block cipher used to encrypt the data.

Claim 22 (Currently Amended): The apparatus of claim 19,

wherein said packet data encryption and decryption engine includes an authentication
process which authenticates the decrypted data after a final segment of a multi-segment
encrypted data record is received, and 

wherein the authentication process discards at least a portion of the data record after 
forwarding the portion to be discarded and authenticates decrypted data using the remaining 
portion of the data record after the final segment is received. 

Claim 23 (Currently Amended): A method of providing secure communications between a
plurality of customer devices and an enterprise, comprising: 

providing a device enabled for secure communication with customer devices and having 
an IP address of the enterprise; 

receiving with an intermediate device communications directed to the enterprise in secure 
protocol, wherein the secure protocol provides encrypted application data associated with an
application layer of a network stack;

decrypting data packets of the secure protocol to provide decrypted packet data at the
packet-level of a network stack of the intermediate device;

bypassing the an application layer of the network stack of the intermediate device and
forwarding the decrypted packet data from the intermediate device to at least one server of the
enterprise without processing the decrypted packet data with the application layer;

receiving application data from a secure server of the enterprise; 

encrypting the application data received from the enterprise; and 

forwarding encrypted application data to the customer. 

Claim 24 (Original): The method of claim 23 wherein the secure communication in SSL
protocol encrypted application data.

Claim 25 (Original): The method of claim 23 wherein said step of receiving comprises the sub 
steps of initiating a communication session with the enterprise and negotiating a secure 
communication session with the device.

Claim 26 (Original): The method of claim 23 further including the step of negotiating an open 
communications session with said at least one server of the enterprise and wherein said step of 
forwarding includes forwarding decrypted data via the open communications session.

Claim 27 (Original): The method of claim 23 wherein said step of receiving communications 
includes receiving a plurality of secure communications sessions from a plurality of customers. 

Claim 28 (Original): The method of claim 27 further including a step of selecting one of a
plurality of enterprise servers to which to direct data in said step of forwarding said decrypted
packet data. 

Claim 29 (Original): The method of claim 28 further including the step of tracking each 
communications session between each of said plurality of customers and an associated one of
said plurality of enterprise servers. 

Claim 30 (Currently Amended): A method for secure communications between a client and
one of a plurality of servers performed on an intermediary device coupled to the client and said 
plurality of servers, comprising: 

(a) establishing an open communications session between the intermediary device
and the client device via an open network; 

(b) negotiating a secure communications session between the intermediary device and 
the client; 

(c) establishing an open communications session between the intermediary device
and said one of said plurality of servers via a secure network; 

(d) receiving encrypted application data from the client via the secure
communications session;

(e) decrypting the encrypted application data; 

(f) bypassing an application layer of a network stack of the intermediate device and 
forwarding the decrypted application data from the intermediate device to the server via the
secure network without processing the decrypted packet application data with the application
layer;

(g) receiving application data from the server via the secure network; 

(h) encrypting the application data; 

(i) sending encrypted application data to the client; 

(j) detecting a communications anomaly in a communications session between the
client and the intermediary device; and 

(k) passing TCP data between the client and the server through the intermediary
device.